Bright Security MCP Server

Add it to Claude Code

Run this in a terminal:

claude mcp add --transport http -H "Authorization: Api-Key YOUR_API_KEY" bright-security https://app.brightsec.com/mcp

Required: Authorization

AI-powered application security testing directly into your development workflow

Bright MCP Integration

Bright's Model Context Protocol (MCP) integration brings AI-powered application security testing directly into your development workflow. Your AI coding assistant can discover API endpoints, run security scans, and review vulnerabilities — all through natural language conversation.

Bright MCP is a remote, cloud-hosted MCP server. There is nothing to install locally — you simply point your MCP-compatible client at Bright's endpoint and authenticate with an API key.

Quick Start

1. Get a Bright API Key

Create a dedicated API key in your Bright account. This can be a personal, project, or organization-level key with the relevant scopes. See Personal API Key Scopes for details.

2. Configure Your Client

Add Bright as a remote MCP server in your IDE or tool of choice. The server URL is:

https://app.brightsec.com/mcp

Note: If your organization uses a dedicated Bright cluster, replace app.brightsec.com with your cluster's hostname.

See Client Configuration below for IDE-specific instructions.

3. Start Using It

Ask your AI assistant something like:

Scan https://my-app.example.com for security vulnerabilities

Your assistant will use the Bright MCP tools to list projects, discover entrypoints, run scans, and report findings.


Client Configuration

VS Code (GitHub Copilot)

Add the following to your MCP configuration (via Command Palette → "MCP: Add Server" → Global, or manually edit your mcp.json):

{
  "servers": {
    "brightsec.com": {
      "type": "sse",
      "url": "https://app.brightsec.com/mcp",
      "headers": {
        "Authorization": "Api-Key ${input:apiKey}"
      }
    }
  },
  "inputs": [
    {
      "type": "promptString",
      "id": "apiKey",
      "description": "Enter your Bright API Key",
      "password": true
    }
  ]
}

Then go to the Extensions tab, right-click the brightsec.com MCP server, and choose Start Server. You'll be prompted to enter your API key.

Full guide: Configure Bright MCP in VS Code

Augment Code

  1. Open the Augment Code extension settings → ToolsMCP.
  2. Click + Add remote MCP.
  3. Fill in:
    • Connection Type: HTTP
    • Authentication Type: Header
    • Name: BrightSec
    • URL: https://app.brightsec.com/mcp
    • Header Name: Authorization
    • Header Value: Api-Key YOUR_API_KEY
  4. Click Save.

Full guide: Configure Bright MCP in Augment Code

Cursor

Add to your Cursor MCP settings (.cursor/mcp.json):

{
  "mcpServers": {
    "brightsec": {
      "url": "https://app.brightsec.com/mcp",
      "headers": {
        "Authorization": "Api-Key YOUR_API_KEY"
      }
    }
  }
}

Windsurf

Add to your Windsurf MCP configuration (~/.codeium/windsurf/mcp_config.json):

{
  "mcpServers": {
    "brightsec": {
      "serverUrl": "https://app.brightsec.com/mcp",
      "headers": {
        "Authorization": "Api-Key YOUR_API_KEY"
      }
    }
  }
}

Generic MCP Client

Any MCP-compatible client that supports remote HTTP/SSE servers can connect to Bright. Configure it with:

Setting      Value
Transport    SSE (Server-Sent Events) or HTTP
URL          https://app.brightsec.com/mcp
Auth Header  Authorization: Api-Key YOUR_KEY
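
The client files above differ in where the key ends up: the VS Code example prompts for it through ${input:apiKey}, while the Cursor and Windsurf shapes hold the header value in the file itself. The following check is an added example, not Bright's code or part of its README; it audits a config file in any of those shapes for a literal key, an unreplaced placeholder, a non-HTTPS URL or an unexpected host. The function name, finding labels and sample values are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Assumption: any "${...}" value is a client-side variable reference, as in the
# VS Code example's ${input:apiKey}; anything else is a literal stored on disk.
REFERENCE = re.compile(r"^\$\{[^}]+\}$")
PLACEHOLDERS = {"YOUR_API_KEY", "YOUR_KEY"}


def audit_mcp_config(text, allowed_hosts=("app.brightsec.com",)):
    """Return (server, issue) pairs for one MCP client config file."""
    config = json.loads(text)
    # VS Code uses "servers"; Cursor and Windsurf use "mcpServers".
    servers = {**config.get("servers", {}), **config.get("mcpServers", {})}
    findings = []
    for name, entry in servers.items():
        # Windsurf names the field "serverUrl"; the other clients use "url".
        url = urlparse(entry.get("url") or entry.get("serverUrl") or "")
        if url.scheme != "https":
            findings.append((name, "url-not-https"))
        if url.hostname not in allowed_hosts:
            findings.append((name, "unexpected-host"))
        auth = entry.get("headers", {}).get("Authorization", "")
        scheme, _, credential = auth.partition(" ")
        if scheme != "Api-Key" or not credential:
            findings.append((name, "missing-api-key-header"))
        elif credential in PLACEHOLDERS:
            findings.append((name, "placeholder-not-replaced"))
        elif not REFERENCE.match(credential):
            findings.append((name, "literal-key-in-file"))
    return findings


# Constructed samples in the shapes shown above; the key value is made up.
VSCODE_SAMPLE = """{"servers": {"brightsec.com": {"type": "sse",
  "url": "https://app.brightsec.com/mcp",
  "headers": {"Authorization": "Api-Key ${input:apiKey}"}}}}"""
CURSOR_SAMPLE = """{"mcpServers": {"brightsec": {
  "url": "http://app.brightsec.com/mcp",
  "headers": {"Authorization": "Api-Key constructed.sample.key"}}}}"""
WINDSURF_SAMPLE = """{"mcpServers": {"brightsec": {
  "serverUrl": "https://bright.internal.example/mcp",
  "headers": {"Authorization": "Api-Key YOUR_API_KEY"}}}}"""

if __name__ == "__main__":
    for label, sample in [("vscode", VSCODE_SAMPLE), ("cursor", CURSOR_SAMPLE),
                          ("windsurf", WINDSURF_SAMPLE)]:
        print(label, audit_mcp_config(sample))
```

If your organization uses a dedicated Bright cluster, pass its hostname in allowed_hosts so that only that host is accepted.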

Available Tools

Bright MCP exposes the following tools to your AI assistant:

Project Management

Tool Description
listProjects List all projects accessible to your API key. Use this to find project IDs needed for other operations.

Endpoint Discovery

Tool Description
runDiscovery Discover API endpoints using crawling (crawlerUrls) or API definitions (fileId from uploadApiDefinition). Before running, check if the project already has entrypoints with listEntrypoints. For private/local targets, specify a connected repeater via repeaters.
getDiscoveryStatus Get the current status of a discovery run.
listDiscoveries List discovery history for a project. View past discovery runs or monitor ongoing endpoint discovery.
uploadApiDefinition Upload an API definition file (OpenAPI/Swagger) by URL or content. Returns a file ID to reference in discovery runs.

Entrypoint Management

Tool Description
listEntrypoints List discovered API endpoints/URLs for a project. Use this to select entrypoints for scans or evaluate attack surface coverage. Supports filtering by HTTP method, status, and text sea

Tools (6)

listProjects List all projects accessible to your API key.
runDiscovery Discover API endpoints using crawling or API definitions.
getDiscoveryStatus Get the current status of a discovery run.
listDiscoveries List discovery history for a project.
uploadApiDefinition Upload an API definition file (OpenAPI/Swagger) by URL or content.
listEntrypoints List discovered API endpoints/URLs for a project.

Environment Variables

Authorization (required): API Key for authenticating with the Bright Security platform

Configuration

claude_desktop_config.json
{
  "mcpServers": {
    "brightsec": {
      "url": "https://app.brightsec.com/mcp",
      "headers": {
        "Authorization": "Api-Key YOUR_API_KEY"
      }
    }
  }
}

Try it

List all my projects in Bright Security.
Scan https://my-app.example.com for security vulnerabilities.
Upload my OpenAPI definition file and start a discovery run.
Show me the status of the latest discovery run for my project.
List all discovered API entrypoints for the current project.

Frequently Asked Questions

What are the key features of Bright Security?

Automated discovery of API endpoints via crawling or definition files. End-to-end management of security scans through natural language. Integration with existing CI/CD workflows via AI assistants. Support for project-level and organization-level security analysis. Remote, cloud-hosted architecture requiring no local installation.

What can I use Bright Security for?

Developers identifying missing or hidden API entrypoints before deployment. Security teams automating the selection of relevant security tests for specific tech stacks. QA engineers monitoring the status of ongoing security discovery runs via chat. DevSecOps teams integrating vulnerability scanning into IDE-based AI workflows.

How do I install Bright Security?

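Bright Security is a remote, cloud-hosted MCP server, so there is nothing to install locally. Add https://app.brightsec.com/mcp to your MCP client as a remote server and authenticate with your API key.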

What MCP clients work with Bright Security?

Bright Security works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
